Phishing over IP telephony devices, known as vishing, is expected to grow as a business threat as more organizations deploy VoIP. IBM published The vishing guide in May, designed to help businesses understand the threat and defend against it. The following is from that guide:

Phishing has proven to be an extremely profitable business for criminals. As IP telephony services mature and market penetration expands, we can expect criminal organizations to more frequently adopt phishing techniques, and we can expect to see further evolution of the vishing threat. Vishing will become an increasingly popular attack vector for phishers because of its ability to reach beyond the computer screen and target a broader range of potential victims and because it is a more effective platform for launching social engineering attacks. The historical trust that consumers have placed in telephony services-the assumption that the phone number calling the consumer can be traced back to a (local) billable address-will be fully leveraged by phishers for maximum profit gain.

Some name

Tom Olzak is an independent security researcher and an IT professional with over 38 years of experience in programming, network engineering and security. He has an MBA as well as CISSP certification. He is also an online instructor for the University of Phoenix, and has held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, healthcare, and distribution companies. Before joining the private sector, Tom served 10 years in the United States Army Military Police with four years as a military police investigator. He's written four books,
Just Enough Security,
Microsoft Virtualization,
Enterprise Security: A
Practitioner's Guide, and
Incident Management and Response Guide. He is also the author of various papers and articles on security management.

Independent security researcher and IT professional with over 36 years of experience in programming, network engineering and security. Author of four books (Just Enough Security, Microsoft Virtualization, Enterprise Security: A Practitioner's Guide, and Incident Management and Response Guide) and various papers on security management.